<module>redback-authentication-open</module>
<module>redback-authentication-memory</module>
<module>redback-authentication-ldap</module>
+ <module>redback-authentication-users</module>
</modules>
</project>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements. See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership. The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.apache.archiva.redback</groupId>
+ <artifactId>redback-authentication-providers</artifactId>
+ <version>2.1-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>redback-authentication-users</artifactId>
+ <packaging>bundle</packaging>
+ <name>Redback :: Authentication Provider :: Users</name>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.archiva.redback</groupId>
+ <artifactId>redback-authentication-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.archiva.redback</groupId>
+ <artifactId>redback-policy</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.archiva.redback</groupId>
+ <artifactId>redback-users-configurable</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.archiva.redback</groupId>
+ <artifactId>redback-users-cached</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-context-support</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>javax.annotation</groupId>
+ <artifactId>jsr250-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.archiva.redback</groupId>
+ <artifactId>redback-users-memory</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-simple</artifactId>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>maven-bundle-plugin</artifactId>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
--- /dev/null
+package org.apache.archiva.redback.authentication.users;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.apache.archiva.redback.authentication.AuthenticationConstants;
+import org.apache.archiva.redback.authentication.AuthenticationDataSource;
+import org.apache.archiva.redback.authentication.AuthenticationException;
+import org.apache.archiva.redback.authentication.AuthenticationResult;
+import org.apache.archiva.redback.authentication.Authenticator;
+import org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource;
+import org.apache.archiva.redback.policy.AccountLockedException;
+import org.apache.archiva.redback.policy.MustChangePasswordException;
+import org.apache.archiva.redback.policy.PasswordEncoder;
+import org.apache.archiva.redback.policy.PolicyViolationException;
+import org.apache.archiva.redback.policy.UserSecurityPolicy;
+import org.apache.archiva.redback.users.User;
+import org.apache.archiva.redback.users.UserManager;
+import org.apache.archiva.redback.users.UserNotFoundException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Service;
+
+import javax.inject.Inject;
+import javax.inject.Named;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * {@link Authenticator} implementation that uses a wrapped {@link UserManager} to authenticate.
+ *
+ * @author <a href='mailto:rahul.thakur.xdev@gmail.com'>Rahul Thakur</a>
+ */
+@Service ("authenticator#user-manager")
+public class UserManagerAuthenticator
+ implements Authenticator
+{
+ private Logger log = LoggerFactory.getLogger( getClass() );
+
+ @Inject
+ @Named (value = "userManager#configurable")
+ private UserManager userManager;
+
+ @Inject
+ private UserSecurityPolicy securityPolicy;
+
+ public String getId()
+ {
+ return "UserManagerAuthenticator";
+ }
+
+ /**
+ * @throws org.apache.archiva.redback.policy.AccountLockedException
+ *
+ * @throws MustChangePasswordException
+ * @throws MustChangePasswordException
+ * @throws PolicyViolationException
+ * @see org.apache.archiva.redback.authentication.Authenticator#authenticate(org.apache.archiva.redback.authentication.AuthenticationDataSource)
+ */
+ public AuthenticationResult authenticate( AuthenticationDataSource ds )
+ throws AuthenticationException, AccountLockedException, MustChangePasswordException
+ {
+ boolean authenticationSuccess = false;
+ String username = null;
+ Exception resultException = null;
+ PasswordBasedAuthenticationDataSource source = (PasswordBasedAuthenticationDataSource) ds;
+ Map<String, String> authnResultExceptionsMap = new HashMap<String, String>();
+
+ try
+ {
+ log.debug( "Authenticate: {}", source );
+ User user = userManager.findUser( source.getPrincipal() );
+ username = user.getUsername();
+
+ if ( user.isLocked() )
+ {
+ throw new AccountLockedException( "Account " + source.getPrincipal() + " is locked.", user );
+ }
+
+ if ( user.isPasswordChangeRequired() && source.isEnforcePasswordChange() )
+ {
+ throw new MustChangePasswordException( "Password expired.", user );
+ }
+
+ PasswordEncoder encoder = securityPolicy.getPasswordEncoder();
+ log.debug( "PasswordEncoder: {}", encoder.getClass().getName() );
+
+ boolean isPasswordValid = encoder.isPasswordValid( user.getEncodedPassword(), source.getPassword() );
+ if ( isPasswordValid )
+ {
+ log.debug( "User {} provided a valid password", source.getPrincipal() );
+
+ try
+ {
+ securityPolicy.extensionPasswordExpiration( user );
+ }
+ catch ( MustChangePasswordException e )
+ {
+ user.setPasswordChangeRequired( true );
+ throw e;
+ }
+
+ authenticationSuccess = true;
+
+ //REDBACK-151 do not make unnessesary updates to the user object
+ if ( user.getCountFailedLoginAttempts() > 0 )
+ {
+ user.setCountFailedLoginAttempts( 0 );
+ userManager.updateUser( user );
+ }
+
+ return new AuthenticationResult( true, source.getPrincipal(), null );
+ }
+ else
+ {
+ log.warn( "Password is Invalid for user {}.", source.getPrincipal() );
+ authnResultExceptionsMap.put( AuthenticationConstants.AUTHN_NO_SUCH_USER,
+ "Password is Invalid for user " + source.getPrincipal() + "." );
+
+ try
+ {
+ securityPolicy.extensionExcessiveLoginAttempts( user );
+ }
+ finally
+ {
+ userManager.updateUser( user );
+ }
+
+ return new AuthenticationResult( false, source.getPrincipal(), null, authnResultExceptionsMap );
+ }
+ }
+ catch ( UserNotFoundException e )
+ {
+ log.warn( "Login for user {} failed. user not found.", source.getPrincipal() );
+ resultException = e;
+ authnResultExceptionsMap.put( AuthenticationConstants.AUTHN_NO_SUCH_USER,
+ "Login for user " + source.getPrincipal() + " failed. user not found." );
+ }
+
+ return new AuthenticationResult( authenticationSuccess, username, resultException, authnResultExceptionsMap );
+ }
+
+ /**
+ * Returns the wrapped {@link UserManager} used by this {@link org.apache.archiva.redback.authentication.Authenticator}
+ * implementation for authentication.
+ *
+ * @return the userManager
+ */
+ public UserManager getUserManager()
+ {
+ return userManager;
+ }
+
+ /**
+ * Sets a {@link UserManager} to be used by this {@link Authenticator}
+ * implementation for authentication.
+ *
+ * @param userManager the userManager to set
+ */
+ public void setUserManager( UserManager userManager )
+ {
+ this.userManager = userManager;
+ }
+
+ public boolean supportsDataSource( AuthenticationDataSource source )
+ {
+ return ( source instanceof PasswordBasedAuthenticationDataSource );
+ }
+
+ public UserSecurityPolicy getSecurityPolicy()
+ {
+ return securityPolicy;
+ }
+
+ public void setSecurityPolicy( UserSecurityPolicy securityPolicy )
+ {
+ this.securityPolicy = securityPolicy;
+ }
+}
--- /dev/null
+<?xml version="1.0"?>
+
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements. See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership. The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+ http://www.springframework.org/schema/context
+ http://www.springframework.org/schema/context/spring-context-3.0.xsd"
+ default-lazy-init="true">
+
+ <context:annotation-config />
+ <context:component-scan
+ base-package="org.apache.archiva.redback.authentication.users"/>
+
+</beans>
\ No newline at end of file
--- /dev/null
+package org.apache.archiva.redback.authentication.users;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import junit.framework.TestCase;
+import org.apache.archiva.redback.authentication.Authenticator;
+import org.apache.archiva.redback.policy.MustChangePasswordException;
+import org.apache.archiva.redback.users.User;
+import org.apache.archiva.redback.users.UserManager;
+import org.apache.archiva.redback.users.UserNotFoundException;
+import org.apache.archiva.redback.authentication.AuthenticationException;
+import org.apache.archiva.redback.authentication.AuthenticationResult;
+import org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource;
+import org.apache.archiva.redback.policy.AccountLockedException;
+import org.apache.archiva.redback.policy.UserSecurityPolicy;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import javax.inject.Inject;
+import javax.inject.Named;
+import java.util.Calendar;
+import java.util.Date;
+
+/**
+ * Tests for {@link org.apache.archiva.redback.authentication.users.UserManagerAuthenticator} implementation.
+ *
+ * @author <a href='mailto:rahul.thakur.xdev@gmail.com'>Rahul Thakur</a>
+ */
+@RunWith( SpringJUnit4ClassRunner.class )
+@ContextConfiguration( locations = { "classpath*:/META-INF/spring-context.xml", "classpath*:/spring-context.xml" } )
+public class UserManagerAuthenticatorTest
+ extends TestCase
+{
+ @Inject
+ private UserSecurityPolicy userSecurityPolicy;
+
+ @Inject
+ @Named(value = "authenticator#user-manager")
+ Authenticator component;
+
+ @Inject
+ @Named(value = "userManager#memory")
+ UserManager um;
+
+ @Before
+ public void setUp()
+ throws Exception
+ {
+ super.setUp();
+ userSecurityPolicy.setEnabled( false );
+ }
+
+ @Test
+ public void testLookup()
+ throws Exception
+ {
+ assertNotNull( component );
+ assertEquals( UserManagerAuthenticator.class.getName(), component.getClass().getName() );
+ }
+
+ @Test
+ public void testAuthenticate()
+ throws Exception
+ {
+ // Set up a few users for the Authenticator
+
+ User user = um.createUser( "test", "Test User", "testuser@somedomain.com" );
+ user.setPassword( "testpass" );
+ um.addUser( user );
+
+ user = um.createUser( "guest", "Guest User", "testuser@somedomain.com" );
+ user.setPassword( "guestpass" );
+ um.addUser( user );
+
+ user = um.createUser( "anonymous", "Anonymous User", "testuser@somedomain.com" );
+ user.setPassword( "nopass" );
+ um.addUser( user );
+
+ // test with valid credentials
+ Authenticator auth = component;
+ assertNotNull( auth );
+
+ AuthenticationResult result = auth.authenticate( createAuthDataSource( "anonymous", "nopass" ) );
+ assertTrue( result.isAuthenticated() );
+
+ // test with invalid password
+ result = auth.authenticate( createAuthDataSource( "anonymous", "wrongpass" ) );
+ assertFalse( result.isAuthenticated() );
+ assertNull( result.getException() );
+
+ // test with unknown user
+ result = auth.authenticate( createAuthDataSource( "unknownuser", "wrongpass" ) );
+ assertFalse( result.isAuthenticated() );
+ assertNotNull( result.getException() );
+ assertEquals( result.getException().getClass().getName(), UserNotFoundException.class.getName() );
+ }
+
+ @Test
+ public void testAuthenticateLockedPassword()
+ throws AuthenticationException, MustChangePasswordException, UserNotFoundException
+ {
+ userSecurityPolicy.setEnabled( true );
+
+ // Set up a user for the Authenticator
+ User user = um.createUser( "testuser", "Test User Locked Password", "testuser@somedomain.com" );
+ user.setPassword( "correctpass1" );
+ user.setValidated( true );
+ user.setPasswordChangeRequired( false );
+ um.addUser( user );
+
+ Authenticator auth = component;
+ assertNotNull( auth );
+
+ boolean hasException = false;
+ AuthenticationResult result = null;
+
+ try
+ {
+ // test password lock
+ for ( int i = 0; i < 11; i++ )
+ {
+ result = auth.authenticate( createAuthDataSource( "testuser", "wrongpass" ) );
+ }
+ }
+ catch ( AccountLockedException e )
+ {
+ hasException = true;
+ }
+ finally
+ {
+ assertNotNull( result );
+ assertFalse( result.isAuthenticated() );
+ assertTrue( hasException );
+ }
+ }
+
+ @Test
+ public void testAuthenticateExpiredPassword()
+ throws AuthenticationException, AccountLockedException, UserNotFoundException
+ {
+ userSecurityPolicy.setEnabled( true );
+ userSecurityPolicy.setPasswordExpirationDays( 15 );
+
+ // Set up a user for the Authenticator
+ User user = um.createUser( "testuser", "Test User Expired Password", "testuser@somedomain.com" );
+ user.setPassword( "expiredpass1" );
+ user.setValidated( true );
+ user.setPasswordChangeRequired( false );
+ um.addUser( user );
+
+ Authenticator auth = component;
+ assertNotNull( auth );
+
+ boolean hasException = false;
+
+ try
+ {
+ // test successful authentication
+ AuthenticationResult result = auth.authenticate( createAuthDataSource( "testuser", "expiredpass1" ) );
+ assertTrue( result.isAuthenticated() );
+
+ // test expired password
+ user = um.findUser( "testuser" );
+
+ Calendar currentDate = Calendar.getInstance();
+ currentDate.set( Calendar.YEAR, currentDate.get( Calendar.YEAR ) - 1 );
+ Date lastPasswordChange = currentDate.getTime();
+ user.setLastPasswordChange( lastPasswordChange );
+
+ um.updateUser( user );
+
+ auth.authenticate( createAuthDataSource( "testuser", "expiredpass1" ) );
+ }
+ catch ( MustChangePasswordException e )
+ {
+ hasException = true;
+ }
+ finally
+ {
+ assertTrue( hasException );
+ }
+ }
+
+ private PasswordBasedAuthenticationDataSource createAuthDataSource( String username, String password )
+ {
+ PasswordBasedAuthenticationDataSource source = new PasswordBasedAuthenticationDataSource();
+
+ source.setPrincipal( username );
+ source.setPassword( password );
+
+ return source;
+
+ }
+}
--- /dev/null
+<?xml version="1.0"?>
+
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements. See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership. The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans-3.0.xsd"
+ default-lazy-init="true">
+
+ <bean name="authenticator#user-manager" class="org.apache.archiva.redback.authentication.users.UserManagerAuthenticator">
+ <property name="userManager" ref="userManager#memory"/>
+ <property name="securityPolicy" ref="userSecurityPolicy"/>
+ </bean>
+
+ <alias name="userManager#memory" alias="userManager#jdo"/>
+
+ <alias name="userConfiguration#redback" alias="userConfiguration#default"/>
+
+</beans>
\ No newline at end of file
<module>redback-users-api</module>
<module>redback-users-providers</module>
<module>redback-users-tests</module>
- <module>redback-authentication-users</module>
</modules>
</project>
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- ~ Licensed to the Apache Software Foundation (ASF) under one
- ~ or more contributor license agreements. See the NOTICE file
- ~ distributed with this work for additional information
- ~ regarding copyright ownership. The ASF licenses this file
- ~ to you under the Apache License, Version 2.0 (the
- ~ "License"); you may not use this file except in compliance
- ~ with the License. You may obtain a copy of the License at
- ~
- ~ http://www.apache.org/licenses/LICENSE-2.0
- ~
- ~ Unless required by applicable law or agreed to in writing,
- ~ software distributed under the License is distributed on an
- ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- ~ KIND, either express or implied. See the License for the
- ~ specific language governing permissions and limitations
- ~ under the License.
- -->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
-
- <modelVersion>4.0.0</modelVersion>
-
- <parent>
- <groupId>org.apache.archiva.redback</groupId>
- <artifactId>redback-authentication-providers</artifactId>
- <version>2.1-SNAPSHOT</version>
- <relativePath>../../redback-authentication/redback-authentication-providers/pom.xml</relativePath>
- </parent>
-
- <artifactId>redback-authentication-users</artifactId>
- <packaging>bundle</packaging>
- <name>Redback :: Authentication Provider :: Users</name>
-
- <dependencies>
- <dependency>
- <groupId>org.apache.archiva.redback</groupId>
- <artifactId>redback-authentication-api</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.archiva.redback</groupId>
- <artifactId>redback-policy</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.archiva.redback</groupId>
- <artifactId>redback-users-configurable</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.archiva.redback</groupId>
- <artifactId>redback-users-cached</artifactId>
- </dependency>
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-context-support</artifactId>
- </dependency>
- <dependency>
- <groupId>javax.annotation</groupId>
- <artifactId>jsr250-api</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.archiva.redback</groupId>
- <artifactId>redback-users-memory</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-simple</artifactId>
- <scope>test</scope>
- </dependency>
- </dependencies>
-
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.felix</groupId>
- <artifactId>maven-bundle-plugin</artifactId>
- </plugin>
- </plugins>
- </build>
-
-</project>
+++ /dev/null
-package org.apache.archiva.redback.authentication.users;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import org.apache.archiva.redback.authentication.AuthenticationConstants;
-import org.apache.archiva.redback.authentication.AuthenticationDataSource;
-import org.apache.archiva.redback.authentication.AuthenticationException;
-import org.apache.archiva.redback.authentication.AuthenticationResult;
-import org.apache.archiva.redback.authentication.Authenticator;
-import org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource;
-import org.apache.archiva.redback.policy.AccountLockedException;
-import org.apache.archiva.redback.policy.MustChangePasswordException;
-import org.apache.archiva.redback.policy.PasswordEncoder;
-import org.apache.archiva.redback.policy.PolicyViolationException;
-import org.apache.archiva.redback.policy.UserSecurityPolicy;
-import org.apache.archiva.redback.users.User;
-import org.apache.archiva.redback.users.UserManager;
-import org.apache.archiva.redback.users.UserNotFoundException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Service;
-
-import javax.inject.Inject;
-import javax.inject.Named;
-import java.util.HashMap;
-import java.util.Map;
-
-/**
- * {@link Authenticator} implementation that uses a wrapped {@link UserManager} to authenticate.
- *
- * @author <a href='mailto:rahul.thakur.xdev@gmail.com'>Rahul Thakur</a>
- */
-@Service ("authenticator#user-manager")
-public class UserManagerAuthenticator
- implements Authenticator
-{
- private Logger log = LoggerFactory.getLogger( getClass() );
-
- @Inject
- @Named (value = "userManager#configurable")
- private UserManager userManager;
-
- @Inject
- private UserSecurityPolicy securityPolicy;
-
- public String getId()
- {
- return "UserManagerAuthenticator";
- }
-
- /**
- * @throws org.apache.archiva.redback.policy.AccountLockedException
- *
- * @throws MustChangePasswordException
- * @throws MustChangePasswordException
- * @throws PolicyViolationException
- * @see org.apache.archiva.redback.authentication.Authenticator#authenticate(org.apache.archiva.redback.authentication.AuthenticationDataSource)
- */
- public AuthenticationResult authenticate( AuthenticationDataSource ds )
- throws AuthenticationException, AccountLockedException, MustChangePasswordException
- {
- boolean authenticationSuccess = false;
- String username = null;
- Exception resultException = null;
- PasswordBasedAuthenticationDataSource source = (PasswordBasedAuthenticationDataSource) ds;
- Map<String, String> authnResultExceptionsMap = new HashMap<String, String>();
-
- try
- {
- log.debug( "Authenticate: {}", source );
- User user = userManager.findUser( source.getPrincipal() );
- username = user.getUsername();
-
- if ( user.isLocked() )
- {
- throw new AccountLockedException( "Account " + source.getPrincipal() + " is locked.", user );
- }
-
- if ( user.isPasswordChangeRequired() && source.isEnforcePasswordChange() )
- {
- throw new MustChangePasswordException( "Password expired.", user );
- }
-
- PasswordEncoder encoder = securityPolicy.getPasswordEncoder();
- log.debug( "PasswordEncoder: {}", encoder.getClass().getName() );
-
- boolean isPasswordValid = encoder.isPasswordValid( user.getEncodedPassword(), source.getPassword() );
- if ( isPasswordValid )
- {
- log.debug( "User {} provided a valid password", source.getPrincipal() );
-
- try
- {
- securityPolicy.extensionPasswordExpiration( user );
- }
- catch ( MustChangePasswordException e )
- {
- user.setPasswordChangeRequired( true );
- throw e;
- }
-
- authenticationSuccess = true;
-
- //REDBACK-151 do not make unnessesary updates to the user object
- if ( user.getCountFailedLoginAttempts() > 0 )
- {
- user.setCountFailedLoginAttempts( 0 );
- userManager.updateUser( user );
- }
-
- return new AuthenticationResult( true, source.getPrincipal(), null );
- }
- else
- {
- log.warn( "Password is Invalid for user {}.", source.getPrincipal() );
- authnResultExceptionsMap.put( AuthenticationConstants.AUTHN_NO_SUCH_USER,
- "Password is Invalid for user " + source.getPrincipal() + "." );
-
- try
- {
- securityPolicy.extensionExcessiveLoginAttempts( user );
- }
- finally
- {
- userManager.updateUser( user );
- }
-
- return new AuthenticationResult( false, source.getPrincipal(), null, authnResultExceptionsMap );
- }
- }
- catch ( UserNotFoundException e )
- {
- log.warn( "Login for user {} failed. user not found.", source.getPrincipal() );
- resultException = e;
- authnResultExceptionsMap.put( AuthenticationConstants.AUTHN_NO_SUCH_USER,
- "Login for user " + source.getPrincipal() + " failed. user not found." );
- }
-
- return new AuthenticationResult( authenticationSuccess, username, resultException, authnResultExceptionsMap );
- }
-
- /**
- * Returns the wrapped {@link UserManager} used by this {@link org.apache.archiva.redback.authentication.Authenticator}
- * implementation for authentication.
- *
- * @return the userManager
- */
- public UserManager getUserManager()
- {
- return userManager;
- }
-
- /**
- * Sets a {@link UserManager} to be used by this {@link Authenticator}
- * implementation for authentication.
- *
- * @param userManager the userManager to set
- */
- public void setUserManager( UserManager userManager )
- {
- this.userManager = userManager;
- }
-
- public boolean supportsDataSource( AuthenticationDataSource source )
- {
- return ( source instanceof PasswordBasedAuthenticationDataSource );
- }
-
- public UserSecurityPolicy getSecurityPolicy()
- {
- return securityPolicy;
- }
-
- public void setSecurityPolicy( UserSecurityPolicy securityPolicy )
- {
- this.securityPolicy = securityPolicy;
- }
-}
+++ /dev/null
-<?xml version="1.0"?>
-
-<!--
- ~ Licensed to the Apache Software Foundation (ASF) under one
- ~ or more contributor license agreements. See the NOTICE file
- ~ distributed with this work for additional information
- ~ regarding copyright ownership. The ASF licenses this file
- ~ to you under the Apache License, Version 2.0 (the
- ~ "License"); you may not use this file except in compliance
- ~ with the License. You may obtain a copy of the License at
- ~
- ~ http://www.apache.org/licenses/LICENSE-2.0
- ~
- ~ Unless required by applicable law or agreed to in writing,
- ~ software distributed under the License is distributed on an
- ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- ~ KIND, either express or implied. See the License for the
- ~ specific language governing permissions and limitations
- ~ under the License.
- -->
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:context="http://www.springframework.org/schema/context"
- xsi:schemaLocation="http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
- http://www.springframework.org/schema/context
- http://www.springframework.org/schema/context/spring-context-3.0.xsd"
- default-lazy-init="true">
-
- <context:annotation-config />
- <context:component-scan
- base-package="org.apache.archiva.redback.authentication.users"/>
-
-</beans>
\ No newline at end of file
+++ /dev/null
-package org.apache.archiva.redback.authentication.users;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import junit.framework.TestCase;
-import org.apache.archiva.redback.authentication.Authenticator;
-import org.apache.archiva.redback.policy.MustChangePasswordException;
-import org.apache.archiva.redback.users.User;
-import org.apache.archiva.redback.users.UserManager;
-import org.apache.archiva.redback.users.UserNotFoundException;
-import org.apache.archiva.redback.authentication.AuthenticationException;
-import org.apache.archiva.redback.authentication.AuthenticationResult;
-import org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource;
-import org.apache.archiva.redback.policy.AccountLockedException;
-import org.apache.archiva.redback.policy.UserSecurityPolicy;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-
-import javax.inject.Inject;
-import javax.inject.Named;
-import java.util.Calendar;
-import java.util.Date;
-
-/**
- * Tests for {@link org.apache.archiva.redback.authentication.users.UserManagerAuthenticator} implementation.
- *
- * @author <a href='mailto:rahul.thakur.xdev@gmail.com'>Rahul Thakur</a>
- */
-@RunWith( SpringJUnit4ClassRunner.class )
-@ContextConfiguration( locations = { "classpath*:/META-INF/spring-context.xml", "classpath*:/spring-context.xml" } )
-public class UserManagerAuthenticatorTest
- extends TestCase
-{
- @Inject
- private UserSecurityPolicy userSecurityPolicy;
-
- @Inject
- @Named(value = "authenticator#user-manager")
- Authenticator component;
-
- @Inject
- @Named(value = "userManager#memory")
- UserManager um;
-
- @Before
- public void setUp()
- throws Exception
- {
- super.setUp();
- userSecurityPolicy.setEnabled( false );
- }
-
- @Test
- public void testLookup()
- throws Exception
- {
- assertNotNull( component );
- assertEquals( UserManagerAuthenticator.class.getName(), component.getClass().getName() );
- }
-
- @Test
- public void testAuthenticate()
- throws Exception
- {
- // Set up a few users for the Authenticator
-
- User user = um.createUser( "test", "Test User", "testuser@somedomain.com" );
- user.setPassword( "testpass" );
- um.addUser( user );
-
- user = um.createUser( "guest", "Guest User", "testuser@somedomain.com" );
- user.setPassword( "guestpass" );
- um.addUser( user );
-
- user = um.createUser( "anonymous", "Anonymous User", "testuser@somedomain.com" );
- user.setPassword( "nopass" );
- um.addUser( user );
-
- // test with valid credentials
- Authenticator auth = component;
- assertNotNull( auth );
-
- AuthenticationResult result = auth.authenticate( createAuthDataSource( "anonymous", "nopass" ) );
- assertTrue( result.isAuthenticated() );
-
- // test with invalid password
- result = auth.authenticate( createAuthDataSource( "anonymous", "wrongpass" ) );
- assertFalse( result.isAuthenticated() );
- assertNull( result.getException() );
-
- // test with unknown user
- result = auth.authenticate( createAuthDataSource( "unknownuser", "wrongpass" ) );
- assertFalse( result.isAuthenticated() );
- assertNotNull( result.getException() );
- assertEquals( result.getException().getClass().getName(), UserNotFoundException.class.getName() );
- }
-
- @Test
- public void testAuthenticateLockedPassword()
- throws AuthenticationException, MustChangePasswordException, UserNotFoundException
- {
- userSecurityPolicy.setEnabled( true );
-
- // Set up a user for the Authenticator
- User user = um.createUser( "testuser", "Test User Locked Password", "testuser@somedomain.com" );
- user.setPassword( "correctpass1" );
- user.setValidated( true );
- user.setPasswordChangeRequired( false );
- um.addUser( user );
-
- Authenticator auth = component;
- assertNotNull( auth );
-
- boolean hasException = false;
- AuthenticationResult result = null;
-
- try
- {
- // test password lock
- for ( int i = 0; i < 11; i++ )
- {
- result = auth.authenticate( createAuthDataSource( "testuser", "wrongpass" ) );
- }
- }
- catch ( AccountLockedException e )
- {
- hasException = true;
- }
- finally
- {
- assertNotNull( result );
- assertFalse( result.isAuthenticated() );
- assertTrue( hasException );
- }
- }
-
- @Test
- public void testAuthenticateExpiredPassword()
- throws AuthenticationException, AccountLockedException, UserNotFoundException
- {
- userSecurityPolicy.setEnabled( true );
- userSecurityPolicy.setPasswordExpirationDays( 15 );
-
- // Set up a user for the Authenticator
- User user = um.createUser( "testuser", "Test User Expired Password", "testuser@somedomain.com" );
- user.setPassword( "expiredpass1" );
- user.setValidated( true );
- user.setPasswordChangeRequired( false );
- um.addUser( user );
-
- Authenticator auth = component;
- assertNotNull( auth );
-
- boolean hasException = false;
-
- try
- {
- // test successful authentication
- AuthenticationResult result = auth.authenticate( createAuthDataSource( "testuser", "expiredpass1" ) );
- assertTrue( result.isAuthenticated() );
-
- // test expired password
- user = um.findUser( "testuser" );
-
- Calendar currentDate = Calendar.getInstance();
- currentDate.set( Calendar.YEAR, currentDate.get( Calendar.YEAR ) - 1 );
- Date lastPasswordChange = currentDate.getTime();
- user.setLastPasswordChange( lastPasswordChange );
-
- um.updateUser( user );
-
- auth.authenticate( createAuthDataSource( "testuser", "expiredpass1" ) );
- }
- catch ( MustChangePasswordException e )
- {
- hasException = true;
- }
- finally
- {
- assertTrue( hasException );
- }
- }
-
- private PasswordBasedAuthenticationDataSource createAuthDataSource( String username, String password )
- {
- PasswordBasedAuthenticationDataSource source = new PasswordBasedAuthenticationDataSource();
-
- source.setPrincipal( username );
- source.setPassword( password );
-
- return source;
-
- }
-}
+++ /dev/null
-<?xml version="1.0"?>
-
-<!--
- ~ Licensed to the Apache Software Foundation (ASF) under one
- ~ or more contributor license agreements. See the NOTICE file
- ~ distributed with this work for additional information
- ~ regarding copyright ownership. The ASF licenses this file
- ~ to you under the Apache License, Version 2.0 (the
- ~ "License"); you may not use this file except in compliance
- ~ with the License. You may obtain a copy of the License at
- ~
- ~ http://www.apache.org/licenses/LICENSE-2.0
- ~
- ~ Unless required by applicable law or agreed to in writing,
- ~ software distributed under the License is distributed on an
- ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- ~ KIND, either express or implied. See the License for the
- ~ specific language governing permissions and limitations
- ~ under the License.
- -->
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans-3.0.xsd"
- default-lazy-init="true">
-
- <bean name="authenticator#user-manager" class="org.apache.archiva.redback.authentication.users.UserManagerAuthenticator">
- <property name="userManager" ref="userManager#memory"/>
- <property name="securityPolicy" ref="userSecurityPolicy"/>
- </bean>
-
- <alias name="userManager#memory" alias="userManager#jdo"/>
-
- <alias name="userConfiguration#redback" alias="userConfiguration#default"/>
-
-</beans>
\ No newline at end of file
projects / archiva.git / commitdiff